Re: [GNU-linux-libre] review PureOS ISO

[Denis 'GNUtoo' Carikli]

Hi,

On Thu, 9 Jun 2016 18:16:28 -0400
Julie Marchant <address@hidden> wrote:
> I said, and this
> is factually correct, that they were and still are promises you cannot
> keep. It is *impossible* to make any x86 CPU made after 2013
> (including the ones used by the Purism laptops) respect your freedom,
> because they will not run without proprietary programs that are
> *cryptographically signed* by the manufacturer of the CPU, and even
> *Google*, one of the richest multi-national corporations in the
> world, could not convince Intel to cooperate with them. And yet, you
> promised to deliver a laptop which respects your freedom with such a
> CPU anyway. Either Purism is being run by idiots, or it is being run
> by scam artists, especially if you are going to continue to insist
> that you can make good on this impossible promise.
Their website is indeed still very misleading. That should have been
fixed long ago but I still personally finds it misleading as of today.

It's not hard to fix:
1) Draft the specifications of the website in such a way that the
   people making the website are not mislead themselves, and to make
   sure to communicate information in a clear manner, and avoid
   confusion.
2) Once that's done people participation to that website can refer to
   such specifications.

The confusion comes from the fact that, given how the website is made,
it's easy to think that the laptops they sell right now do or will
protect your freedom(with software updates). It's also easy to think
that they are working on such software updates.

Instead it seem that they engage with manufacturers to make it happen
on future laptops, one day, and that it will be a long road.

They should instead be Crystal clear with their customers.

> Furthermore, what "progress" has Purism made? Let's break down the
> current version of that fancy, deceptive progress bar:
> 
> * Everything up to and including "Bootloader Freed" is just a
> long-winded way of saying "completely libre OS". That was the GNU
> project and other projects like Linux, far predating Purism's
> existence as a company.
Right now that OS isn't FSDG yet. However, even if it's not as
easy as they though, it isn't out of reach:
Some common packages to be removed or fixed are listed here:
https://libreplanet.org/wiki/List_of_software_that_does_not_respect_the_Free_System_Distribution_Guidelines

I wonder if the fact that they didn't chose an unmodified Trisquel is
due to some integration of Tor inside their distribution.

> * "Fuse CPU for Unsigned Binaries": Some technical thing I don't
> really understand, but people have commented that this is an
> extremely easy thing to do and not particularly significant.
Recent Intel CPUs are becoming more and more similar to smartphone's
(they are called system on a chip or SOC). So I would guess it works
the same:
Many system on a chip have what is called a bootrom.
It's just instructions(like ARM instructions) burned inside the silicon.
Theses instructions can initialize hardware, fetch the code that runs
next,for instance from the microSD, or other storage devices.
Manufacturers can then choose to blow some fuses (inside the system on a
chip) to encode the hash of a public key. This operation is
irreversible.
If they do so, the chip will then refuses to boot if the code that they
fetch from external storage(like microSD) isn't signed.

Practically speaking such scheme prevents us from running a modified
version of the boot firmware(The BIOS/EFI/UEFI/Coreboot).

Some laptop manufacturer use this, while some other don't. Puri.sm
doesn't.

> * "Coreboot BIOS Released": Yeah, Coreboot, or rather Shimboot, is
> running on PureOS. It was done by Coreboot volunteers; Purism had
> nothing to do with the effort.
They just manufactured hardware that permits you to replace your boot
fimrware(BIOS/EFI/UEFI) by coreboot. I don't think that they were
involved at all in that port. Instead they documented how to reflash
the hardware or something like that on coreboot blog:
https://blogs.coreboot.org/blog/2015/09/02/2015-08-28-librem-13-weekly-bios-update/
https://blogs.coreboot.org/blog/2015/08/24/2015-08-21-librem-13-weekly-progress-update/

> * "Drive Firmware Freed": Nice Engrish.
Where did you see that? A drive isn't a WiFi chip. Typo?

> But it's Think Penguin who
> worked with people who were inside Qualcomm Atheros to get essential
> wireless firmware liberated, and Intel made their integrated graphics
> controllers work without proprietary firmware of their own accord
> years ago. Purism did nothing to improve the situation here, which is
> still very bad and getting worse.
They instead should advocate that they use the WiFi chips that works
best for freedom.
Note that the cards supported by the ath5k and ath9k don't have a
firmware.
ThinkPenguin instead helped free the ones supported by the ath9k_htc
driver. Theses are used to make USB WiFi cards.
This was a very important contribution to software freedom.

> Of course, all of this ultimately has no bearing on whether or not
> PureOS qualifies as a GNU FSDG distro. But Purism's record does
> justify being very cautious and thorough in the investigation of it,
> more so than e.g. LibertyBSD.
Sadly they would have been way more effective if they were crystal
clear and could deliver on (maybe less impressive) claims.

For instance if some privacy profiteers package Tor in a wireless
access point, they get a ton of criticism because it doesn't deliver:
http://www.zdnet.com/article/charlatans-the-new-wave-of-privacy-profiteers/

Instead of some people do something very similar but do advertise
clearly the limits of the device they sell, it gets promoted a lot:
https://internetcu.be/

In the case of puri.sm, that would have helped them solve many of the
problems they have a hard time with:
They are for instance hiring, and if they were more clear, they may
have had the ability to hire the coreboot developers they were looking
for.

Denis.

pgplpzxxwa_2O.pgp
Description: OpenPGP digital signature